Botnets. General concepts, classification, and monetization of botnets.
<blockquote data-quote="Ghosthunter" data-source="post: 518" data-attributes="member: 6"><p><h4>DDoS</h4>
<p>Also, all these machines can, suddenly, simultaneously access some site and "put" it. Everyone knows DDoS.</p>
<p>The most common attacks of this type are TCP SYN and UDP attacks.</p>
<p>DDoS attacks are not limited to web servers. They are often directed at a variety of services that are connected to the Internet.</p>
<p>The attack can be increased or worsened by recursive HTTP streams on the victim's website: bots recursively follow all links in the HTTP path.</p>
<p></p>
<p>A few years ago, DDoS attacks using IoT devices were very popular. Mirai generated a lot of derived queries and continued to expand, making the attack more complex. This innovation has significantly and irrevocably changed the threat landscape in terms of the methods used in this area of attacks.</p>
<p></p>
<h4>Traffic monitoring and theft of confidential data.</h4>
<p>Infected machines can be used as a traffic analyzer to detect confidential information on infected devices.</p>
<p></p>
<p>They can also find a competitor's botnets (if they are installed on the same machine) and be hacked in a timely manner.</p>
<p></p>
<p>The next, in my opinion, great direction is the ability to raise the SOCKS v4/v5 proxy server (universal proxy protocol for a TCP/IP-based network).</p>
<p></p>
<p>When the SOCKS proxy server is enabled on a compromised machine, it can be used for various purposes, such as sending spam (provided that we have port 25 open).</p>
<p></p>
<p>When analyzing packets, a sniffer embedded in the bot can successfully track important information: confidential data such as credit card numbers, passwords, and access rights.</p>
<p></p>
<h4>Keystroke logging (keylogging)</h4>
<p>This function logs all keystrokes on the infected machine, can structure them and issue them to the bot driver in a ready-made form.</p>
<p></p>
<p>Using this function, we can, for example, collect only those keys that are typed in the desired keyword sequences. Like PayPal, eBay, etc.</p>
<p></p>
<p>There is also a screen capture option.</p>
<p></p>
<h4>Click abuse (clickbots)</h4>
<p>Click through links for which the attacker receives a piecework reward. For example, all kinds of affiliate programs with banner or ad impressions.</p>
<p></p>
<h4>Ad Serving (Adware)</h4>
<p>The bot is used to display ads on an infected machine, redirect search queries to advertising sites, and collect marketing information. The bot collects the user's personal data and sends this data to the server. After processing the data, the bot shows the user relevant ads (ads that match their interests).</p>
<p></p>
<p>From the main menu - everything.</p>
<p>Next, we will analyze how this functionality can be monetized.</p>
<p></p>
<h4>Business models and monetization</h4>
<p>I often see that even "seasoned experts" in the field of information security make rather ridiculous mistakes, considering that the costs of botnery are minimal, or even zero at all.</p>
<p></p>
<p>I don't know, but for some reason all sorts of "experts" believe that if bot breeders do not have the costs of creating infrastructure in THEIR CLASSICAL sense, then in principle the cost part of bot breeders is scanty.</p>
<p>Of course, this is not the case. From the word IN GENERAL.</p>
<p></p>
<p>It is mistakenly assumed that the profit of a bot owner is often almost equal to the profit from the botnet operation. Any sane person understands that this is nonsense.</p>
<p></p>
<p>A botnet will not occur by itself. You need to create it. And once created, it must be maintained. And this, oh, how expensive!</p>
<p></p>
<p>Regarding the directions and development of different business models, botnets are an excellent platform for implementing all sorts of malicious practices that can bring us a decent income.</p>
<p></p>
<p>Below are the main directions.</p>
<p></p>
<h4>Spam: it sounds banal, but it is very difficult to implement</h4>
<p>Large-scale distribution of emails (may contain both advertising products and phishing content), as well as other malware (for example, ransomware).</p>
<p></p>
<p>Not so long ago, Krab showed how much one of their top ads earns, and who works with mailings.</p>
<p></p>
<p>There are no ready-made solutions on the market right now. There are several reasons.</p>
<p></p>
<p>As a rule, spam bots are written for specific purposes (affiliate programs).</p>
<p></p>
<p>There is no universal tool in this regard. More precisely, of course, in theory it is possible to make some general craft, but I do not recommend using it.</p>
<p></p>
<p>In any case, spam is the lot of advanced guys. Both in technical terms and in terms of cash receipts.</p>
<p></p>
<p>A spam bot is an advanced money-making machine. Spam as a mailing list, for the most part, is implemented as follows: the script directly sends a pre-prepared email from the infected user's email address.</p>
<p></p>
<p>According to its working logic, the script practically repeats the webmaster's working processes.</p>
<p></p>
<p>The main advantage for a spammer is that mailing from infected machines will not be immediately blocked and will end up in blacklists.</p>
<p></p>
<p>With fine tuning and proper tuning, you can achieve very decent results.</p>
<p></p>
<p>Another significant bonus is the collection of emails from the infected machine's mail folders. Good spam databases are worth their weight in gold.</p>
<p></p>
<h4>DDoS and related earnings.</h4>
<p>And the earnings here are not very thick. More precisely, directions.</p>
<p></p>
<p>You either hammer victims yourself and demand a ransom for stopping attacks, or sell power to third parties.</p>
<p></p>
<p>With DDoS, everything is simple, in fact. By itself, it is not very relevant. As a rule, it is used in conjunction with other methods of attacking the target and, in most cases, to distract attention: while the target is being subjected to a massive DDoS attack, penetration is carried out from the other side. Thus, the technical department and security will fight off DDoS, and the evil guys will get into the perimeter, where they are not expected at all, and will remain unnoticed.</p>
<p></p>
<p>Blackmail as such is not very popular. You can hammer the victim, and there will be a stubborn and intractable idiot.</p>
<p></p>
<p>As a result, you will only spend time and resources, but you will not earn anything.</p>
<p></p>
<p>If anyone does not know what DDoS is... this is (very figuratively) a larger number of requests to the victim's server than it can accept and process. In Russian, this method of attack is also called "denial of service". It is closely related to extortion (cyber-blackmail).</p>
<p></p>
<p>But, as we found out above, this is not the most profitable option.</p>
<p></p>
<h4>The next and much more profitable direction is socks.</h4>
<p>We can raise proxy servers on infected machines and sell access to them.</p>
<p></p>
<p>Good, fast and clean proxies, without exaggeration, are worth their weight in gold. They are needed by everyone: investors, arbitrageurs, poker and casino players...</p>
<p>Clientele in bulk. And the prices for high-quality proxies are impressive. Average pollution socks5 costs $1-10 per day. And this is ONE car.</p>
<p>So consider the profitability.</p>
<p>If you also add the backconnect module and the ability to have bots behind NAT, we multiply it by 2 at once.</p>
<p></p>
<p>The direction is always promising and in demand.</p>
<p></p>
<p>It is also not demanding on the quality of traffic. We don't really care about the contents of the machine. We care about the cleanliness and speed of the connection. Therefore, you can buy cheap and sump installations.</p>
<p></p>
<h4>Theft of confidential data</h4>
<p>As we know, the victim's car has a lot of private information that is of particular interest to different people and is also evaluated differently.</p>
<p></p>
<p>By infecting the machine, we will be able to steal things like bank cards and payment data for logging in to PayPal, eBay, Amazon and other services. Here we add all passwords from various services and access to mail.</p>
<p></p>
<p>All this is perfectly implemented on the market in the form of so-called logs.</p>
<p></p>
<p>They made a strait, stole the logs, ideally, processed them on their request and sold them. Profit.</p>
<p></p>
<p>The market is now saturated with logs and it will not be easy for a new product.</p>
<p></p>
<p>But it is also worth noting that the quality of logs for everyone, without exception, is at the bottom.</p>
<p></p>
<h4>The next over-the-top direction is mining</h4>
<p>Once upon a time (a very short period of time, by the way) it was progressive and quite profitable. Especially when the cue ball was mined on a video card, and you did not spend the mined 5-7 years)</p>
<p></p>
<p>Now the situation is deplorable. No matter how advanced your miner is, it still burns with proactivity.</p>
<p></p>
<p>But, most importantly, it's a dumb resource kill. Imagine you have a large-caliber 12.7-caliber sniper rifle that can hit targets behind cover at a distance of 3 km. And you herachite from it on the wheels of enemy armored vehicles 200 meters away.</p>
<p></p>
<p>The logic is clear, I hope?</p>
<p></p>
<p>Mining is not our story at all. Especially with the current market situation, of course.</p>
<p></p>
<p>Yes, even if the situation was favorable, bots need to be used correctly. Much more appropriate.</p>
<p></p>
<p>On this, perhaps, we will finish about mining once and for all.</p></blockquote><p></p>
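The quoted post lists three network-visible behaviours of an infected host: taking part in SYN floods, sending spam directly from the compromised machine over port 25, and serving as a SOCKS proxy that outside customers connect to. From a defender's side each of these leaves a distinct footprint in connection logs. The following script is an added example, not code from the post or its author: it parses constructed, Zeek-conn.log-like flow records (fields, address ranges, the `10.` internal prefix, the mail-relay allowlist and all thresholds are assumptions for illustration) and reports hosts matching each pattern.

```python
"""Added example (not from the forum post): flag hosts whose flow records
match behaviours the post describes from the operator's side.

Record format (constructed, Zeek conn.log-like, whitespace separated):
    ts src_ip src_port dst_ip dst_port proto conn_state
conn_state follows Zeek's convention: SF = established and closed,
S0 = SYN seen, no reply.
"""
from collections import defaultdict
from dataclasses import dataclass

# Assumptions for illustration; tune these per environment.
INTERNAL_PREFIX = "10."          # constructed internal address space
MAIL_RELAYS = {"10.0.0.25"}      # hosts allowed to speak SMTP outbound
SMTP_DST_THRESHOLD = 20          # distinct mail servers one host talked to
PROXY_PEER_THRESHOLD = 5         # distinct external peers connecting inbound
SYN_SOURCE_THRESHOLD = 30        # distinct sources leaving half-open SYNs
WEB_PORTS = {80, 443}            # inbound web traffic is expected, not a proxy


@dataclass(frozen=True)
class Flow:
    ts: float
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str
    state: str


def parse_flows(text):
    """Parse one record per line, skipping blank or malformed lines."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 7:
            continue
        ts, sip, sport, dip, dport, proto, state = parts
        flows.append(Flow(float(ts), sip, int(sport), dip, int(dport), proto, state))
    return flows


def detect(flows, smtp_threshold=SMTP_DST_THRESHOLD,
           proxy_threshold=PROXY_PEER_THRESHOLD,
           syn_threshold=SYN_SOURCE_THRESHOLD):
    """Return hosts matching the three patterns with their evidence counts."""
    smtp_targets = defaultdict(set)   # internal host -> external SMTP servers
    proxy_peers = defaultdict(set)    # internal host -> external peers inbound
    syn_sources = defaultdict(set)    # internal host -> sources of S0 flows
    for f in flows:
        if f.proto != "tcp":
            continue
        src_internal = f.src_ip.startswith(INTERNAL_PREFIX)
        dst_internal = f.dst_ip.startswith(INTERNAL_PREFIX)
        if f.state == "S0":
            # Half-open connections from many sources toward one host: SYN flood.
            if dst_internal and not src_internal:
                syn_sources[f.dst_ip].add(f.src_ip)
            continue
        if f.state != "SF":
            continue
        # A non-relay workstation talking SMTP to many servers: direct spam send.
        if (src_internal and not dst_internal and f.dst_port == 25
                and f.src_ip not in MAIL_RELAYS):
            smtp_targets[f.src_ip].add(f.dst_ip)
        # Many outside peers completing connections to a non-web port: proxy for hire.
        if dst_internal and not src_internal and f.dst_port not in WEB_PORTS:
            proxy_peers[f.dst_ip].add(f.src_ip)
    return {
        "direct_smtp": {h: len(s) for h, s in smtp_targets.items() if len(s) >= smtp_threshold},
        "inbound_proxy": {h: len(s) for h, s in proxy_peers.items() if len(s) >= proxy_threshold},
        "syn_flood": {h: len(s) for h, s in syn_sources.items() if len(s) >= syn_threshold},
    }


# Constructed sample log: all addresses and hosts are made up for the example.
SAMPLE_LOG = "\n".join(
    # workstation 10.0.0.7 talks SMTP to 25 different external servers
    [f"1700000{i:03d}.0 10.0.0.7 {40000 + i} 203.0.113.{i + 1} 25 tcp SF" for i in range(25)]
    # the legitimate relay also talks to many mail servers (allowlisted)
    + [f"1700001{i:03d}.0 10.0.0.25 {41000 + i} 198.51.100.{i + 1} 25 tcp SF" for i in range(30)]
    # six external peers complete connections to 10.0.0.9 on 1080
    + [f"1700002{i:03d}.0 192.0.2.{i + 1} {50000 + i} 10.0.0.9 1080 tcp SF" for i in range(6)]
    # ordinary outbound HTTPS browsing from 10.0.0.8
    + [f"1700003{i:03d}.0 10.0.0.8 {42000 + i} 93.184.216.34 443 tcp SF" for i in range(10)]
    # forty sources leave half-open SYNs toward 10.0.0.50:80
    + [f"1700004{i:03d}.0 192.0.2.{100 + i} {60000 + i} 10.0.0.50 80 tcp S0" for i in range(40)]
)

if __name__ == "__main__":
    for kind, hosts in detect(parse_flows(SAMPLE_LOG)).items():
        print(kind, hosts)
```

Run against the constructed sample, `direct_smtp` reports `10.0.0.7` (25 servers; the allowlisted relay is ignored), `inbound_proxy` reports `10.0.0.9` (6 peers) and `syn_flood` reports `10.0.0.50` (40 sources). The counts are sets of distinct peers rather than raw flow totals so that a single chatty legitimate peer does not trip the proxy rule; in a real deployment the relay allowlist and web-port exclusion should come from an asset inventory rather than constants.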